US8205239B1ActiveUtility

Methods and systems for adaptively setting network security policies

95
Assignee: SATISH SOURABHPriority: Sep 29, 2007Filed: Sep 29, 2007Granted: Jun 19, 2012
Est. expirySep 29, 2027(~1.2 yrs left)· nominal 20-yr term from priority
Inventors:Sourabh Satish
H04L 63/102H04L 63/126
95
PatentIndex Score
44
Cited by
14
References
15
Claims

Abstract

Determining a security policy to apply to access requests to network sites that have not been classified for security risks is accomplished according to user behavior. Past behavior of users and requests to access network sites that are known security risks is recorded. When a user requests access to a site that is not classified for security purposes, a security policy is selected based on one or more users' past behavior. When a user has a history of not accessing sites that pose security risks, a more permissive security policy is set, and when a user has a history of requesting access to sites that do pose security risks a more restrictive security policy is set. Access requests are tracked, and security policy may be set at a name server that is remote from a user or user's computing system.

Claims

exact text as granted — not AI-modified
1. A network access gateway, comprising:
 a network interface that receives a request to access a network site from a first user that is remote to a network server; 
 a processor that determines the requested network site has not been assigned a security risk classification and that the first user is requesting access to the requested network site for a first time; 
 a memory that stores user information related to security risks of network sites to which a particular user has previously requested access, wherein the user information comprises a number of times the first user has previously requested to access each of the network sites; 
 a database in the memory, wherein the database includes a reputation score for the first user and one or more additional users, wherein the reputation score is determined based on a number of access requests to network sites that have been previously identified as security risks; 
 the processor further accesses the memory when access to the network site is requested for the first time, and based on the reputation scores for the first user and the one or more additional users, selects a security profile that is to be applied to the access request; and 
 the processor further restricts access to the network site with an unknown security risk when a frequency of access requests to network sites identified as security risks is above a threshold. 
 
     
     
       2. The network access gateway, as claimed in  claim 1 , wherein the memory comprises:
 a database of access requests from a plurality of users and information related to the security risks of network sites to which each user has previously requested access. 
 
     
     
       3. The network access gateway, as claimed in  claim 1 , wherein the processor selects the security profile according to a frequency of access requests from the user to network sites that are identified as security risks. 
     
     
       4. The network access gateway, as claimed in  claim 1 , wherein the processor generates a notification when a predetermined number of access requests are received for a network site that is not classified for security risk. 
     
     
       5. A method for selecting a security profile to apply to a request to access a network site, comprising:
 receiving an access request to access a network site from a remote computing system; 
 identifying a user ID associated with the access request; 
 determining if the network site has been classified according to a security risk for the site; 
 determining whether the user ID associated with the access request has previously gained access to the network site; 
 when the network site has been classified, recording the user ID, network site, and security risk in a memory; and 
 when the network site has not been classified and when the user ID associated with the access request is requesting access to the network site for a first time:
 identifying a prior access request associated with the user ID to access one or more additional network sites; 
 identifying at least one additional user ID associated with a prior access request to access the network site; 
 identifying a reputation score for the at least one additional user ID associated with the prior access request to access the network site and for the user ID associated with the prior access request to access the one or more additional network sites, wherein the reputation score is determined based on a number of access requests to network sites that have been previously identified as security risks; 
 identifying a security profile for the network site based on the identified reputation score for the user ID and the reputation score for the at least one additional user ID. 
 
 
     
     
       6. The method, as claimed in  claim 5 , wherein receiving an access request comprises:
 receiving a request to access a network site that is external to an enterprise from an enterprise network access gateway. 
 
     
     
       7. The method, as claimed in  claim 5 , wherein identifying a user ID comprises:
 determining a network address of the remote computing system; and 
 identifying the user ID of a user actively logged on to the remote computing system for that instance of the network address. 
 
     
     
       8. The method, as claimed in  claim 5 , wherein determining if the network site has been classified comprises:
 identifying a network address of the network site; 
 accessing a memory of classified network sites; and 
 determining if the identified network address has been classified. 
 
     
     
       9. The method, as claimed in  claim 5 , wherein when the identified network address is not classified for security purposes, determining that the network address is not a potential security risk when prior access requests associated with the user ID have not requested access to network sites that are security risks. 
     
     
       10. The method, as claimed in  claim 5 , wherein recording the user ID, network site, and security risk comprises:
 accessing a database that contains records of user IDs, access requests made by the user ID, and security risks associated with the access requests; and 
 updating the database record for the user ID with the access request and security risk. 
 
     
     
       11. A non-transitory computer readable medium containing instructions, that when executed by a computer, cause the computer to perform operations comprising:
 receiving an access request to access a network site from a remote computing system; 
 identifying a user ID associated with the access request; 
 determining if the network site has been classified according to a security risk for the site; 
 determining whether the user ID associated with the access request has previously gained access to the network site; 
 when the network site has been classified, recording the user ID, network site, and security risk in a memory; and 
 when the network site has not been classified and when the user ID associated with the access request is requesting access to the network site for a first time:
 identifying a prior access request associated with the user ID to access one or more additional network sites; 
 identifying at least one additional user ID associated with a prior access request to access the network site; 
 identifying a reputation score for the at least one additional user ID associated with the prior access request to access the network site and for the user ID associated with the prior access request to access the one or more additional network sites, wherein the reputation score is determined based on a number of access requests to network sites that have been previously identified as security risks; 
 identifying a security profile for the network site based on the identified reputation score for the user ID and the reputation score for the at least one additional user ID. 
 
 
     
     
       12. The computer readable medium, as claimed in  claim 11 , wherein receiving an access request comprises:
 receiving a request to access a network site that is external to an enterprise from an enterprise network access gateway. 
 
     
     
       13. The computer readable medium, as claimed in  claim 11 , wherein identifying a user ID comprises:
 determining a network address of the remote computing system; and 
 identifying the user ID of a user actively logged on to the remote computing system for that instance of the network address. 
 
     
     
       14. The computer readable medium, as claimed in  claim 11 , wherein when the identified network address is not classified for security purposes, determining that the network address is not a potential security risk when prior access requests associated with the user ID have not requested access to network sites that are security risks. 
     
     
       15. The computer readable medium, as claimed in  claim 11 , wherein recording the user ID, network site, and security risk comprises:
 accessing a database that contains records of user IDs, access requests made by the user ID, and security risks associated with the access requests; and 
 
       updating the database record for the user ID with the access request and security risk.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.